Total
739 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8656 | 1 Compal Broadband Networks | 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware | 2025-04-12 | 10.0 HIGH | N/A |
| The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors. | |||||
| CVE-2014-5253 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2025-04-12 | 4.9 MEDIUM | N/A |
| OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain. | |||||
| CVE-2015-4262 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2025-04-12 | 10.0 HIGH | N/A |
| The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839. | |||||
| CVE-2003-1603 | 1 Gehealthcare | 1 Discovery Vh | 2025-04-12 | 10.0 HIGH | N/A |
| GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors. | |||||
| CVE-2015-7921 | 1 Schneider-electric | 4 Proface Gp-pro Ex Ex-ed, Proface Gp-pro Ex Pfxexedls, Proface Gp-pro Ex Pfxexedv and 1 more | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. | |||||
| CVE-2013-7382 | 1 Vicidial | 1 Vicidial | 2025-04-12 | 5.0 MEDIUM | N/A |
| VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access. | |||||
| CVE-2014-5251 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2025-04-12 | 4.9 MEDIUM | N/A |
| The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token. | |||||
| CVE-2009-5143 | 1 Gehealthcare | 1 Discovery 530c Firmware | 2025-04-12 | 10.0 HIGH | N/A |
| GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | |||||
| CVE-2014-4012 | 1 Sap | 1 Open Hub Service | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-0972 | 1 Pearson | 1 Proctorcache | 2025-04-12 | 5.0 MEDIUM | N/A |
| Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service (test disruption) by leveraging knowledge of this password. | |||||
| CVE-2016-2283 | 1 Moxa | 16 Ioadmin Firmware, Iologik E2210, Iologik E2210-t and 13 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | |||||
| CVE-2015-0930 | 1 Servision | 2 Hvg400, Hvg Video Gateway Firmware | 2025-04-12 | 10.0 HIGH | N/A |
| The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session. | |||||
| CVE-2016-0049 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2025-04-12 | 2.1 LOW | 6.2 MEDIUM |
| Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass." | |||||
| CVE-2015-7911 | 1 Saia Burgess Controls | 28 Pcd1.m0xx0, Pcd1.m0xx0 Firmware, Pcd1.m2xx0 and 25 more | 2025-04-12 | 10.0 HIGH | 9.1 CRITICAL |
| Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session. | |||||
| CVE-2016-5890 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | 3.5 LOW | 5.3 MEDIUM |
| IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||||
| CVE-2015-7277 | 1 Ampedwireless | 2 R10000, R10000 Firmware | 2025-04-12 | 9.3 HIGH | 9.8 CRITICAL |
| The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | |||||
| CVE-2015-3001 | 1 Sysaid | 1 Sysaid | 2025-04-12 | 5.0 MEDIUM | N/A |
| SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | |||||
| CVE-2016-5838 | 1 Wordpress | 1 Wordpress | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. | |||||
| CVE-2014-9736 | 1 Gehealthcare | 1 Centricity Clinical Archive Audit Trail Repository | 2025-04-12 | 10.0 HIGH | N/A |
| GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. | |||||
| CVE-2014-9248 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | 5.0 MEDIUM | N/A |
| Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406. | |||||